FlagThis

CyberSecurity updates
Updated: 2024-10-22 05:25:43 Pacfic
ciso2ciso.com
Iranian Hackers Target Microsoft 365 and Citrix Systems with MFA Push Bombing - 4d

Read more: ciso2ciso.com

Iranian hackers are targeting organizations with a sophisticated multi-factor authentication (MFA) push-bombing attack, aiming to compromise their Microsoft 365, Azure, and Citrix Systems accounts. This attack involves sending a barrage of MFA push notifications to a victim’s device, overwhelming them with authentication requests and potentially tricking them into approving a malicious login.
The attackers exploit the user’s trust in MFA and their desire to quickly clear the notifications. This attack highlights the importance of implementing robust MFA strategies, including the use of advanced MFA solutions and security awareness training for employees. Organizations should also be wary of suspicious activity related to MFA notifications and promptly investigate any unusual behavior.

References:
  • Threats - Iranian hackers are going after critical infrastructure sector passwords, agencies caution - 5d
  • All CISA Advisories - This CISA advisory provides details about the Iranian cyber actors' activities, including their tactics, techniques, and procedures. - 5d
  • Over Security - US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers - 5d
  • Malware Analysis, News and Indicators - US charges 2 with running 'Anonymous Sudan' hacking group - 5d
  • www.nextgov.com - US charges 2 with running 'Anonymous Sudan' hacking group - 5d
  • @jos1264 - CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force - 5d
  • All CISA Advisories - CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force - 5d
  • @feeds - Cysec social media post on US disrupting Anonymous Sudan DDoS operation. - 5d
  • Malware Analysis, News and Indicators - Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan - 4d
  • @VirusBulletin - NSA, in collaboration with FBI, CISA, CSE Canada, AFP and ASD’s ACSC, has released an advisory report on Iranian cyber actors’ use of brute force and other techniques to compromise organizations a - 4d
  • Industrial Cyber - Iranian hackers use brute force, credential access activity to target critical infrastructure organizations - 4d
  • Cybersecurity News - FBI, CISA, NSA Warn of Iranian Cyberattacks on Critical Infrastructure - 4d
  • Malware Analysis, News and Indicators - Sudanese Brothers Arrested in ‘AnonSudan’ Takedown - 4d
  • www.crowdstrike.com - The security firm CrowdStrike assessed that the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services. - 4d
  • ciso2ciso.com - Iranian Hackers Using Brute Force on Critical Infrastructure – Source: www.govinfosecurity.com - 4d
  • @patrickcmiller - CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force - 4d
  • Malware Analysis, News and Indicators - US, allies warn of Iranian brute-force attacks against critical infrastructure - 4d
  • SCM feed for Security Strategy, Plan, Budget - US, allies warn of Iranian brute-force attacks against critical infrastructure - 4d
  • CyberInsider - Cyber Insider article on Anonymous Sudan hackers being indicted and their DDoS tools being seized - 4d
  • Malware Analysis, News and Indicators - Malware.news post on Anonymous Sudan leaders being indicted - 4d
  • www.scworld.com - SC World brief on the disruption of Anonymous Sudan DDoS operation - 4d
  • ciso2ciso.com - US Charges Anonymous Sudan Members in DDoS Cybercrime Case – Source: www.infosecurity-magazine.com - 4d
  • Web Fraud 2.0 - This article provides a detailed account of the Anonymous Sudan takedown. - 3d
  • @patrickcmiller - This post from infosec.exchange mentions the CISA advisory warning about Iranian brute force attacks. - 3d
  • BleepingComputer - Iranian hackers act as brokers selling critical infrastructure access - 3d
  • Threats - This news article reports on the indictment of two Sudanese nationals for their alleged leadership roles in Anonymous Sudan. - 3d
  • @feeds - Cysec social post about Iranian hacking activities. - 3d
  • Industrial Cyber - Industrial Cyber - Microsoft Reports Rising Cyberattacks on Critical Infrastructure, Blurred Lines Between State and Criminal Actors, Need for Deterrents - 3d
  • @patrickcmiller - Infosec Exchange - Microsoft reports rising cyberattacks on critical infrastructure, blurred lines between state and criminal actors, need for deterrents - 3d
  • Security Affairs - SecurityAffairs.com's original news report on the indictment of the Anonymous Sudan members. - 3d
  • @jos1264 - Jos1264's tweet referencing the Anonymous Sudan indictment, linking to CISO2CISO's article. - 3d
  • @patrickcmiller - Iranian hackers use brute force, credential access activity to target critical infrastructure organizations - 3d
  • ciso2ciso.com - CISO2CISO’s article reporting on the Iranian hackers’ MFA push-bombing attack, highlighting the targeted systems and the potential impact. - 3d
  • Hackread – Latest Cybersecurity, Tech, Crypto - HackRead’s article detailing the Iranian hackers’ MFA push-bombing attack, emphasizing the techniques used and the importance of MFA security measures. - 3d
  • @jos1264 - A social media post from Skynet Cloud mentioning the Iranian hackers’ MFA push-bombing attack. - 3d
  • @cybernews - Two Sudanese men accused of being the brains behind the hacktivist group have been arrested by the US government. - 2d
  • The Hacker News - The US Department of Justice (DOJ) announced that it has charged two Sudanese brothers with leading a prolific hacking group, Anonymous Sudan, which launched attacks against governments, businesses, a - 2d
  • Over Security - Iranian Hackers Target Critical Infrastructure - 2d
  • Over Security - An unsealed federal grand jury indictment charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed - 2d
  • Security Archives - U.S. and allies warn of attacks from Iran-linked actors targeting critical infrastructure through brute-force attacks in a year-long campaign. - 2d

Classification:
  • HashTags: MFA Cybersecurity Iran
  • Company: Microsoft Citrix
  • Target: Microsoft 365 Azure Citrix Systems Users
  • Attacker: Iranian Hackers
  • Product: Microsoft 365 Azure Citrix Systems
  • Feature: MFA
  • Type: Hack
  • Severity: Medium

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.